| Message ID | 20171207115647.29098-1-kleber.souza@canonical.com |
|---|---|
| Headers | show |
| Series | Fix for CVE-2017-14140 | expand |
On 07.12.2017 11:56, Kleber Sacilotto de Souza wrote: > Only Trusty and Zesty are affected by CVE-2017-14140. > > The backport for Zesty was needed to adjust for context. Trusty > doesn't have caaee6234d05a ("ptrace: use fsuid, fsgid, effective creds > for fs access checks") which adds the definition and the checks for > PTRACE_MODE_READ_REALCREDS, whoever checking for PTRACE_MODE_READ should > be enough. > > Linus Torvalds (1): > Sanitize 'move_pages()' permission checks > > mm/migrate.c | 11 +++-------- > 1 file changed, 3 insertions(+), 8 deletions(-) > Acked-by: Stefan Bader <stefan.bader@canonical.com>
On Thu, Dec 07, 2017 at 12:56:45PM +0100, Kleber Sacilotto de Souza wrote: > Only Trusty and Zesty are affected by CVE-2017-14140. > > The backport for Zesty was needed to adjust for context. Trusty > doesn't have caaee6234d05a ("ptrace: use fsuid, fsgid, effective creds > for fs access checks") which adds the definition and the checks for > PTRACE_MODE_READ_REALCREDS, whoever checking for PTRACE_MODE_READ should > be enough. > When first looking at caaee6234d05a, I thought why not pick it up. But looking at this specific issue of move_pages, it seems to warrant a fix of its own. If we ever pick up caaee6234d05a for trusty, we'd better remember to fix this up. Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> > Linus Torvalds (1): > Sanitize 'move_pages()' permission checks > > mm/migrate.c | 11 +++-------- > 1 file changed, 3 insertions(+), 8 deletions(-) > > -- > 2.14.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
On 2017-12-07 12:56:45 , Kleber Sacilotto de Souza wrote: > Only Trusty and Zesty are affected by CVE-2017-14140. > > The backport for Zesty was needed to adjust for context. Trusty > doesn't have caaee6234d05a ("ptrace: use fsuid, fsgid, effective creds > for fs access checks") which adds the definition and the checks for > PTRACE_MODE_READ_REALCREDS, whoever checking for PTRACE_MODE_READ should > be enough. > > Linus Torvalds (1): > Sanitize 'move_pages()' permission checks > > mm/migrate.c | 11 +++-------- > 1 file changed, 3 insertions(+), 8 deletions(-) > Acked-by: Khalid Elmously <khalid.elmously@canonical.com>
Only Trusty and Zesty are affected by CVE-2017-14140. The backport for Zesty was needed to adjust for context. Trusty doesn't have caaee6234d05a ("ptrace: use fsuid, fsgid, effective creds for fs access checks") which adds the definition and the checks for PTRACE_MODE_READ_REALCREDS, whoever checking for PTRACE_MODE_READ should be enough. Linus Torvalds (1): Sanitize 'move_pages()' permission checks mm/migrate.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-)